Cross-Site Scripting Vulnerability in IBM Engineering Requirements Quality Assistant On-Premises
CVE-2020-4664
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 8 January 2021
Summary
IBM Engineering Requirements Quality Assistant On-Premises is affected by a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the web user interface. This issue can modify the website's functionality and may lead to the exposure of user credentials in a trusted session. Proper validation and sanitization of user input are essential to mitigate the risks associated with this vulnerability.
Affected Version(s)
Engineering Requirements Quality Assistant On-Premises
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved